Golden Images for Network Virtualization – Best Practices

Network virtualization is becoming increasingly common, as many businesses opt to replace outdated and costly physical networks with a more virtual architecture. This is especially the case for retailers, due to the many challenges they face on the omnichannel retail playing field. The ever-rising expectations from consumers, combined with the presence of online shopping and Amazon Go, have created an imperative to add IT structures that can scale and deploy in a quick and cost-effective manner.

One method that can allow for the easy scaling and deployment of retail hardware is the utilization of golden images. This blog discusses their uses, benefits and best practices.

What is a Golden Image?

A golden image – known as a master image by some – is a pre-defined combination of operating system, applications and configurations. It is usually deployed into a virtual machine and serves as a template for the time-efficient deployment of virtual networks. In addition, golden images can also be designed for use on physical servers, desktop PCs and other such devices.

The Benefits of Golden Images

By using golden images, new virtual machines can be prepared much more quickly than by installing and configuring the OS and applications separately. Golden images enable retailers to push out patches and updates to hundreds or thousands of stores remotely in one swift deployment, making the process more secure, reliable and significantly faster. Golden images also ensure consistency across all virtual machines by using the same software versions and pre-defined configuration options, making ongoing maintenance and updates simpler.

This consistency doesn’t just benefit IT administrators. It also means that all company employees have access to the same functionality and can be trained in a streamlined manner.

Zynstra uses golden images in a number of ways to achieve these benefits and also supports the customer’s own golden image processes for applications.

Golden Images – Best Practices

Build and test

When creating the golden image, it may make sense to use the latest version of an application and operating system. Not only does this ensure that the virtual machines will be consistent across the board, it also provides an opportunity to thoroughly test the software before rolling out to site.

Building a golden image is about selection of the correct software, configuring it for the specific use case, and then testing both compatibility and security, before committing it to use.

Maintain a golden image update schedule

Applications and operating systems are able to update themselves to the latest software version (or can be updated by IT tools such as Microsoft SCCM). It is therefore not usually necessary to keep a golden image up to date with every small patch that comes out. The overhead of creating and distributing the new image is simply not worth the time.

However, it is important to create new golden images for larger software updates, or to roll up several weeks’ worth of patches. Doing so can significantly reduce installation time for new systems, as fewer application and operating system updates need to be downloaded and applied.

Keep the image as simple as possible

A golden image is usually intended to deliver an application for a specific use case. It is not delivering a ‘general purpose’ operating system. The exception is, perhaps, when delivering virtual desktops to end users.

When creating and maintaining a golden image, it makes sense that the images themselves should not be overly complicated, nor include unnecessary software packages or operating system features. The more complicated the image is, the more time and effort have to be invested in maintaining it. Also, reducing the ‘footprint’ of the golden image improves system security by removing functions that could otherwise be a source of exploits.

Assigning unique ID

In addition to the consistent software and configuration, one other thing is needed: a way to assign identity. When a golden image is installed in a virtual machine, it is a clone of the original source image. But to operate in each virtual machine it is deployed to, it must adopt an identity.

As far as the operating system is concerned, identity can be as simple as assigning a unique ID (UUID) and host name. For the application, assigning identity may be much more complex, needing to consider the location and role of each individual virtual machine.

Once a plan for assigning identity is understood, it can be automated. Typically, a ‘run once’ script does housekeeping work like this during the first boot of the Virtual Machine after the golden image has been deployed.
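The ‘run once’ step described above, as an added example (not Zynstra's script and not part of the original article): a first-boot shell script that gives a Linux clone a new machine ID and host name and removes the template's SSH host keys. The marker path, the site/role/MAC host-name scheme and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# First-boot identity assignment for a VM cloned from a golden image.
# Assumed for illustration (not from the article): marker path, hostname scheme.

# Build "<site>-<role>-<last 6 hex digits of MAC>", e.g. store0042-pos-a1b2c3.
derive_hostname() {
    site=$1; role=$2
    mac=$(printf '%s' "$3" | tr 'A-F' 'a-f' | tr -d ':-')
    # Site and role end up in a hostname: allow only non-empty [a-z0-9].
    case "$site" in ''|*[!a-z0-9]*) return 1 ;; esac
    case "$role" in ''|*[!a-z0-9]*) return 1 ;; esac
    # The MAC must be exactly 12 hex digits once separators are stripped.
    case "$mac" in *[!0-9a-f]*) return 1 ;; esac
    [ "${#mac}" -eq 12 ] || return 1
    printf '%s-%s-%s\n' "$site" "$role" "${mac#??????}"
}

# Give the clone its own identity under filesystem root $1 ("/" on a real VM).
assign_identity() {
    root=${1%/}
    marker="$root/var/lib/firstboot-identity.done"
    # Run once: on later boots the marker exists and nothing is changed.
    if [ -e "$marker" ]; then return 0; fi
    # Refuse to touch anything if the inputs do not yield a valid hostname.
    name=$(derive_hostname "$2" "$3" "$4") || return 1
    # Fresh machine ID: 16 random bytes written as 32 lowercase hex digits.
    newid=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    [ "${#newid}" -eq 32 ] || return 1
    printf '%s\n' "$newid" > "$root/etc/machine-id"
    printf '%s\n' "$name" > "$root/etc/hostname"
    # Every clone shares the template's SSH host keys until they are removed;
    # on the live system regenerate them afterwards with `ssh-keygen -A`.
    rm -f "$root"/etc/ssh/ssh_host_*
    mkdir -p "$root/var/lib" && : > "$marker"
}

# Usage on the VM: firstboot-identity.sh --apply <site> <role> <mac>
if [ "${1:-}" = "--apply" ]; then
    assign_identity / "$2" "$3" "$4"
fi
```

Passing a directory other than / as the first argument to assign_identity lets the same logic be exercised against a mounted or unpacked image before it is distributed.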

Don’t get complacent when it comes to security

Network virtualization brings with it a number of security benefits, due to the way that information is stored and distributed.

This does not mean, however, that precautions can be skipped. It’s best to apply all security measures to the golden image.

When it comes to streamlined virtualized networking, Zynstra’s purpose-built Intelligent Control Plane makes it easy to commission, manage, control and update hundreds or thousands of sites across your entire edge estate – treating it as a software defined, integrated whole, rather than individual, independent sites.

How Zynstra Uses Golden Images

Zynstra is an advocate for automation and consistency in IT, so it should be no surprise that we use golden images as part of the core product. These golden images are used to create virtual machines as part of the automated server commissioning process:

All core Zynstra features and functions are installed on the server from golden images.

For multi-site customers rolling out tens or hundreds of sites, Zynstra works with these customers to incorporate their application golden images into the commissioning process.

Configuration of virtual machines, and any steps required to assign identity, are handled by the Zynstra Intelligent Control Plane commissioning processes.

For Virtual Store solutions, assigning identity to the POS applications hosted on the Zynstra server is more complex: multiple virtualized POS instances will need to be configured to work with specific register lanes or store-front devices, bound by hardware MAC addresses, and possibly assigned to different local networks depending on their role. This can be automated by the Intelligent Control Plane, which depends only on knowing the quantity of POS devices in-store and their hardware IDs.

Creating and Distributing a Golden Image

The best place to create a golden image is on a Zynstra server, starting with a standard Zynstra Windows or Linux image. Building on this platform ensures the correct drivers and agents are already installed.

Taking this approach, once the virtual machine is tested and ready, it can be sysprep’ed (have its current identity and hardware dependency removed) and copied.

The image can then be distributed to new servers either from the cloud or on a USB key as part of the server staging process.

There are alternatives to this approach, usually applicable when a customer already has a reliable golden image process. For example, custom virtual machines can be created empty but ready to PXE boot from the network, with a PXE server delivering scripts and images directly to the virtual machine to install a golden image from the customer’s own repository.

Zynstra Software Suite

Zynstra enables retailers to centrally define, test and deliver standardized retail edge environments – rolling out new services to 10s, 100s or 1000s of sites without IT bottlenecks.